URL refers to trojan download and has been altered for that reason - Forum Admin

The following is the brief description provided at this site:

This is a pioneering new remote administration tool. This will allow connections from systems running several versions of ZoneAlarm and Tiny Personal Firewall v2.0.15.0 (the latest version).
a: Self installing invisible server which starts each time the system boots.
b: Randomly named server.
c: Will allow connections from systems running several versions of ZoneAlarm and Tiny Personal Firewall v2.0.15.0.
d: If an installed TronServer.EXE is deleted under Windows 95/98, after a reboot of the system, lines added to autoexec will reinstall TronServer under another randomly generated name.
e: Upload/Download files.
f: File commands: copy file, move file, delete file, rename file, size of file.
g: Directory commands: dir, cd, cd:, cd\
h: List running processes, kill process, and spawn process.
i: Remote system time.
j: Type keys for the remote system.
k: Capture screen.
l: Show picture on screen.
m: Play WAV file.
n: Open/Close CD-ROM.
o: System shut down. (Should be used as last resort - forces a shut down which could damage data).

I scanned tron.zip with TDS-3 and it detected nothing; however, when I unzipped tron.zip, TDS-3 positively identified tronserver.exe as "RAT.tron". Since I also have licenced versions of both Tauscan and Trojan Hunter (both are latest versions with data bases updated today), I scanned the unzipped file with them. Both Tauscan and Trojan Hunter failed to identify tronserver.exe as a trojan. Please feel free to draw your own conclusions.

This may seem picky; however, how come there was no detection of the zip file? tron.zip downloads to Windows/Temporary Internet Files. I scanned Temporary Internet files with zip files checked in TDS-3, and tron.zip went undetected. Obviously, I'm missing something.

You're right, of course. I'm still on a steep learning curve with TDS-3. I deleted the unzipped folder containing tronserver.exe and tron.zip from Windows/Temporary Internet files. When I then did a full system scan, TDS-3 made a positive identification (in archive) of tronserver.exe in C:\download\tron.zip. Good stuff. TDS-3 ... what a hunk of software!!!

I got the download for scanning it and like the screenshot above in Paul's posting.
I wonder if this is the same or equal tool as another "advertised" these days (potext), must read the advertisements better for better impressions.

I downloaded the compressed file, and both NAV and NOD32 not unexpectedly declared there was nothing wrong with it.

Being chicken, I didn't feel like experimenting with it in order to find out whether BOClean might detect it when it became active.
I did write to Kevin to inquire whether they knew about this one.
I'm sure it'll turn up in the forthcoming trojan definitions, though.
They're usually pretty fast.

I admit I'm tempted by TDS-3, although I am a little scared of being blinded by science when using it.

Indeed Magnus did put a database update available (see under "update alerts" forum here) regarding TrojanHunter. He did get a copy somewhat later as it seems.

Quite true: NAV, NOD32 do not catch the nastie - yet. In essence, AVs should be superb in their job, and ATs in theirs. Relying on an AV in order to catch trojans is not providing the needed security in general.

Kevin will update the BOClean database; no doubt about that.

As for TDS and the learning curve: Upcoming new v4 comes in different flavours, "easy ones" as well.

I know about the AV's, but I just thought I'd try them on this trojan in order to find out what they'd say.

I'm happy using BOClean, but every now and then I think it would be nice to have a good on-demand scanner as well.

Mind you, not that I feel unprotected running these three apps.
I'm quite a prudent, run-of-the-mill computer user really, and I don't go looking for danger.
As a matter of fact, I can't even remember an occasion when BOClean had to jump in to save the day.

I just get your run of the mill Klez, Loveletter, Magistr thingies, and nothing really exciting ever comes my way, I'm sorry to say (NOT?)...

But about TDS-3, even without using 90% of all the options, I take it you can hopefully just scan a file or scan a drive without having to go through the entire user manual first?

And I also assume that TDS-3 users are entitled to a free upgrade to TDS-4 when it's issued.

Just because it's got bells and whistles, you don't have to be musical....

Ha!

And I just might feel like taking music lessons in the future, of course...

Meanwhile, about this trojan, I mailed Kevin at BOClean support about it, and I got this response:

Needless to say, already covered in BOClean's update overnight ... I took a look at it myself. Heh. What a *LAMEASS* pile of ... ummm.

Doesn't even have an "explorer" so the kids can waft around the disk, a number of really poorly crafted "tools" and of course the obligatory "shut down a few firewalls" but unlike what we're seeing out there that really IS a threat, this one doesn't replace their screens with new ones inside the trojan so you never know your protection went poof on you. Nor does it have the "spot-killer" which repeatedly hammers away at any attempts to restart same (assuming it wasn't completely destroyed and all hooks to go back to the vendor's site and get fixed up again are gone and blocked below the winsock) ... in the greater scheme of things that we deal with day in and day out, this one's pretty pathetic.

But we covered it anyway like so many other pathetic toys. Thanks much for turning it in.

Music from TDS?
Yes!
some scripting, at least you must have heard it singing "happy birthday to you" in one of the scripts, and yes, you can set up something to make it singing on your birthday. And you can use the jukebox script.
For the scanning was one easy configuration script as well, posted it even in one of the threads over here, i'm working on a HTML / vbs version to make it more easy and voice controlled, so what you know already to configure under the configuration tab, to put the sockets on automated and to configure the scan at wish with all you like to scan, including your whole network and your neighbors and people in the chatbox you're visiting, whatever you like and remote controlled from your wireless phone maybe if you like, yes it's all there, but not in that script
More explanations in the helpfile, which is a real interesting manual, with screenshots, explanation everywhere, and it seems to be growing all by itself, discovering more each time when searching something.

The helpfile is of so much more help with TDS if you can see what you're doing and hear, taste and sniff it and just do it
There are some screenshots in the manual.
Don't even pretend to ever learn it all by heart, as over 300 pages and a still growing number and all you can renew with the new version, etc etc. I just know where to find it if needed and i enjoy the new finds when digging again.
By that time, imagine, i'll have to renew several scripts and wave files, where it explains TDS-3 and "Welcome to TDS-3" etc etc etc
But by that time you'll wanting to be able to play "jingle bells" scripts you discovered by long you need a registered version for that, in the meantime discovering so many reasons why you don't even want to consider to be any single day without your most preferred and beloved program and the whole registered operators family with that, and the many more options a registered operator has..... or would you really like to study the TDS-4 manual first to hurt yourself any longer with all the gems and diamonds you don't have that moment?
Ahhh TDS............... what a gem !
Wished i could include some nice sexy TDS screenshot of some configuration or a trojan detection, whatever.
Pssst: some script includes my voice!

This was about tron, i remember, ok, TDS does detect it very well, as we see Paul's screenshot as well.

No reason to wait for that either, as we beta testing team are not in the stage of beta testing the whole product yet, nor do we really know details.
And: upgrading will be free of charge, so why wait?
I always love to play around and see the new toys included. Or maybe a whole reorganisation of all there is, extra tools, different ways........
You might like to look once you're there getting the TDS trial the WormGuard trial as well.
The registration doesn't cause new downloads, only including the keyfile which diamond key will unlock some former limitations to even more functionality, like the exec protection and being able to run all the scripts and other things Wayne might not have told us.
Take your time and have a nice look at it, as the trials are for free, even if you don't download them via my hop-clickbank URL which i don't post here <<wide grin>> just click www.tds.diamondcs.com.au and enjoy the real world of security the happy way.
Happy? Yes, because we are in the drivers seat and there's always nice family members in the passengers places around. That's what we have the TWO forums for, and not to forget the large educative manual and euhm.. TDS itself waking us up with friendly calling our name and some tips of the day, etc etc etc etc and whatever we have it doing beside the original included tasks via our own scripts!

I may even purchase it right away, as I'm convinced that if I'm to go for an on-demand anti-trojan, there's probably no need to look any further than TDS-3, with all its configurable bells and whistles.

As you see, I've become a believer already...

I'm interested in Worm Guard as well, but good grief, does one really need Nod32, NAV, BOClean, NIS, TDS-3 and Worm Guard.
And yes, I know it's a superior product, but what if I'm never going to get to use it because all my other stuff clobbers the occasional nasty first.

Hi again Ton,
NIS and WG 3 don't go well together, but v4 won't be a problem i guess/hope. We are promised TDS and WG 4 will make of other developers green with envy and jobless, as well will be their products i might suppose with that.
Girls like diamonds, so i like to use all of their gems
and boys like girls, even more with diamonds, so a perfect combination, isn't it?
As we know the DCS gems are top of the security business we keep laughing and happy, discovering new abilities, even in our own scripting!
Nice, isn't it?
Regards,
Jooske

Which of the TDS-3 boards Tony? This Only Official Public DCS / TDS Forum or the Registered Operators Only Private Forum.
I'm in both frequenting
You know, we love stupid questions, as the only stupid questions are the ones not asked at all, so we can all learn from them and from all the others which are asked even more all together!
Looking forward to learning lots more!

This one, I guess, as it's the only one I'm acquainted with.

Besides, I "do" 2 Dutch and 5 American boards, and I'm not really looking to add any more to those (for the moment, that is... )

Posted by: UNICRON Posted on: Today at 6:09pm
Ya stupid questions are good because they make us look smart when we know the answer. Smart questions are sometimes bad because they are often too hard to answer

Tony, just for the record, at the time that I performed the scan with Trojan Hunter, TH was "properly" updated in the sense that all updates available at that time were installed. Magnus had yet to issue an update that allowed TH to detect tronserver.exe. By the way, IMHO Magnus is justly deserving of a hearty "atta boy" for releasing the update within two hours of the file's submission. As of now (well, about 5 minutes ago), Tauscan has yet to be updated to detect this trojan.

URL refers to trojan download and has been altered for that reason - Forum Admin

While I certainly understand why this action might be taken, it didn't seem out-of-line for me to provide the link. It appeared in the DSL Security Forum and, as of this moment, it still appears there unaltered. I used Tauscan for about two years before significantly upgrading my AT to TDS-3 and, in all that time, it never detected a single trojan on my system (unlike NAV in the case of viruses). Now it might appear that I'm bashing my own good fortune but not at all. Because it never detected a single trojan, there was always this lingering doubt in my mind as to whether it was effectively doing its job. Because I was able to download this trojan and watch TDS-3 detect it in short order (while others failed to do so at the same point in time), I am now convinced that TDS-3 is effectively doing its job. I now know that I made a worthwhile investment when I became a licenced TDS Operator. It was a realization that I wanted other TDS users to experience. In some ways, I wish that there was a test bed of trojans (modified so as to be rendered harmless if that's feasible) for this purpose. Regrettably, if there is such a resource, I haven't been able to locate it. Regards.